Embedded Files
Objective - Allow user in account to interact with snowflake via API. There are 2 ways (i.e. - using OAuth and using KeyPair ) of authentication in any API call to snowflake.
What all is needed to complete this -
Windows machine (with jdk (for JWT generation), ssh-keygen(for keypair management) and curl (for making API call))
A snowflake account with admin right to manage another user. currently using a trial account.,
Steps -
Generate Key Pair (Run these in command-prompt)
ssh-keygen -t rsa -b 2048 -m pkcs8 : This will prompt for path where keys should be generated and passphrase. I let both as default .. no passphrase, to keep things simpler when generating JWT.
ssh-keygen -e -f id_rsa.pub -m pkcs8 :This converts public key (id_rsa.pub, generated in prev command) to pkcs8 format needed by snowflake.
This might not be needed ssh-keygen -p -m pkcs8 -N "" -C "" -f id_rsa , had to use it to remove passphrase from priv key file.Configure snowflake user and network policies (Run these in snowflake worksheet)
CREATE USER rohit_1
PASSWORD = 'rohit@123'
DEFAULT_WAREHOUSE = 'compute_wh'
RSA_PUBLIC_KEY ='MIIBIj...lQIDAQAB'; -- MIIBIj...lQIDAQAB is public key from id_rsa.pub file
DESCRIBE USER rohit_1; -- to obtain RSA_PUBLIC_KEY_FP, used in JWT payload.Generate JWT SnowflakeJWTGeneratorPureJava (Download, edit and compile) (Run these in command-prompt)
javac SnowflakeJWTGeneratorPureJava.java
java SnowflakeJWTGeneratorPureJava : This prints JWT.Make API call. (Run this in command-prompt after replacing JWT(Text after "Bearer" in value for "Authorization" header))
curl -i -X POST -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGci...WjKQ" -H "Accept: application/json" -H "User-Agent: myApplicationName/1.0" -H "X-Snowflake-Authorization-Token-Type: KEYPAIR_JWT" -d "{\"statement\" : \"select * from temp_db.temp_sch.x\"}" "https://XWFFVDA-JU98450.snowflakecomputing.com/api/v2/statements"
Google Sites
Report abuse